October is National Cybersecurity Awareness Month (NCSAM). It's also the perfect time to implement some basic practices to safeguard our privacy and valuable digital assets.
To help us celebrate safely, Quinnipiac’s Fred Scholl has developed this helpful list of 31 practical tips everyone can use to #BeCyberSmart in our personal and business lives.
This list includes some basic ideas that we hope you are already doing and some that you may not have thought of.
- Enable the software auto-update features in your Operating System (OS) (Mac – Windows).
- Use the Operating System’s firewall (it should be turned on by default, verify) (Mac – Windows).
- Install, update and run (at least weekly) anti-virus software (many free versions are available).
- Install and update Mobile Device Antivirus Security software for your smartphone.
- Install and update all third-party software (Adobe, Java, etc.) (Mac – Windows).
- Install, update and run Malwarebytes (malware removal tool – Windows and Mac).
- Always use a Virtual Private Network (VPN) when connecting to an untrusted network (open or free Wi-Fi).
- Use a strong password (a passphrase is better, multi-factor is best): at least 8 characters, upper and lower case, 1 special character and 1 number. Do not reuse the same password on multiple sites.
- Use a password manager to manage your passwords.
- Set up multifactor authentication for financial or other sensitive account log-ons.
- Do not open any attachments or click on any links in an email unless you are expecting them. Even then, verify with the sender. Think before you click.
- If you really need to respond to an email that you are not sure about, click “forward” NOT “REPLY” and type in the recipient’s name.
- Remember, no reputable institution (Education, Financial, Government, etc.) will ever ask you for your personal information in an email (password, username, SS#, credit card number, etc.).
- Be wary of ANY email that stresses a sense of urgency. They are trying to get you to react quickly without thinking.
- Do not install random software from the Internet (“Free software” = Malware).
- Before installing software on your mobile device consider whether it’s reasonable for the application to have access to your personal information (many of these apps request access to your photos, GPS, storage, contacts, etc.).
- Use a password (or biometric) for your mobile device to secure it from unauthorized access.
- Don’t operate your computer as an Administrator – run as a normal user with non-administrative privileges. It is much easier for malware to do harm when you use your computer as an Administrator.
- Use a separate “clean machine” for your financial business (bill pay, purchasing items online, etc.). Use another device for casual browsing and other online entertainment.
- Shut down your computer if you are not using it for more than a day (saves energy and reduces your attack surface).
- Set up a separate email account for dating sites, mailing lists, coupons, etc. Never use your work email for personal use.
- Always create a backup of your important information (think ransomware). Disconnect local backups AFTER backing up your data. Cloud backups are generally inexpensive (make sure to understand where they are storing your data).
- Encrypt your devices (by using a password) – computers, laptops, tablets and mobile devices, etc. Would you hand your unlocked mobile device to a stranger and walk away? Make sure only you have the encryption key.
- Check your bank statements, credit card statements and health EOB statements every month.
- Add family and work contacts to your phone contacts list; do not answer any other robocalls from unfamiliar numbers.
- Minimize tracking by blocking third-party cookies in your browser.
- Do a privacy tune-up for your social media accounts.
- Carefully dispose of used hard drives and computers; securely wipe the drive or physically destroy it.
- If you make use of portable USB drives, encrypt the data stored therein and securely wipe the drive when done.
- Install UPS (Uninterruptible Power Supplies) for home computers. These enable operation and graceful shutdown when power fails.
- Develop a disaster recovery plan for your home or small business. If disaster strikes, how will you access needed information and information services?
Effective digital security should not only take place in October. For more ideas on how to safeguard your data and protect yourself online every day, we encourage you to visit the National Cybersecurity Alliance.